On 8/4/05, Ed White <[EMAIL PROTECTED]> wrote:
> Is there any plan to use x86 cpus rings (0..3) to improve OpenBSD security?

/usr/src/sys/arch/i386/i386/machdep.c has:

#if defined(I486_CPU) || defined(I586_CPU) || defined(I686_CPU)
        /*
         * On a 486 or above, enable ring 0 write protection.
         */
        if (cpu_class >= CPUCLASS_486)
                lcr0(rcr0() | CR0_WP);
#endif

and sys_machdep.c does checks to ensure that the LDT only has user
descriptors in ring 3. From my x86 assembly days, I found that I never
used ring 1 or 2, and it seems to be the same way with OpenBSD.
Unnecessary complexities with little or no added security benefits.

-- 
Jon Simola
Systems Administrator
ABC Communications
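
An illustration of the ring-3 LDT check mentioned in the message above, as an added example that is not part of the original post and is not OpenBSD's sys_machdep.c code. The function names, the verdict enum and the sample descriptors are constructed here, and the policy (reject system descriptors and gates, and anything whose DPL is not 3) is a simplified assumption.

```c
#include <stdint.h>
#include <stdio.h>

/* Fields of the access byte (byte 5) of an 8-byte x86 segment descriptor. */
#define DESC_P      0x80u                 /* present bit */
#define DESC_S      0x10u                 /* 1 = code/data, 0 = system/gate */
#define DESC_DPL(a) (((a) >> 5) & 0x3u)   /* descriptor privilege level 0..3 */

enum ldt_verdict { LDT_OK, LDT_REJECT_SYSTEM, LDT_REJECT_PRIV };

/* Constructed sample table; byte 5 of each entry is the access byte. */
static const uint8_t sample_ldt[4][8] = {
    {0xFF, 0xFF, 0, 0, 0, 0xFA, 0xCF, 0},  /* flat code segment, DPL 3 */
    {0xFF, 0xFF, 0, 0, 0, 0xF2, 0xCF, 0},  /* flat data segment, DPL 3 */
    {0xFF, 0xFF, 0, 0, 0, 0x9A, 0xCF, 0},  /* flat code segment, DPL 0 */
    {0x00, 0x00, 0x08, 0, 0, 0xEC, 0, 0},  /* 32-bit call gate, DPL 3 */
};

/* Hypothetical policy check for one descriptor a user process asks to install. */
enum ldt_verdict ldt_check_entry(const uint8_t d[8])
{
    uint8_t access = d[5];

    if (!(access & DESC_P))
        return LDT_OK;              /* not-present entry: loading it faults */
    if (!(access & DESC_S))
        return LDT_REJECT_SYSTEM;   /* gates, TSS and LDT descriptors */
    if (DESC_DPL(access) != 3)
        return LDT_REJECT_PRIV;     /* ring 0, 1 or 2 code/data segment */
    return LDT_OK;
}

/* Returns the index of the first rejected entry, or -1 if all pass. */
int ldt_check_table(const uint8_t (*tab)[8], int n)
{
    for (int i = 0; i < n; i++)
        if (ldt_check_entry(tab[i]) != LDT_OK)
            return i;
    return -1;
}

int main(void)
{
    for (int i = 0; i < 4; i++)
        printf("entry %d: verdict %d\n", i, (int)ldt_check_entry(sample_ldt[i]));
    printf("first rejected: %d\n", ldt_check_table(sample_ldt, 4));
    return 0;
}
```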
